just another infosec blog

Kali Linux – my preferred toolbox

Back in the old days, if you were interested in penetration testing you had to scour obscure resources (BBS, IRC, you name it) to assemble your own toolbox. I remember back in 1997 – there was no single place to find good tools to put in my toolbox. It was really fragmented. In later years this has changed a lot, and today you can download full-fledged toolboxes at will. One of these toolboxes is Kali Linux.

What is Kali Linux?

Kali Linux is a Debian-derived Linux distribution for use in digital forensics and penetration testing. It has more than 600 tools built into the standard installation. Kali was initially released back in 2013 – then as a complete rewrite and overhaul of BackTrack Linux.

Why Kali Linux?

The reason I chose to base my work on Kali is simple. Kali appears to be the most popular penetration testing Linux distribution out there. I base this assumption on talking with colleagues in the industry and scouring the Net. Sure – you might call that populist – but whatever floats the boat. One of the greatest things is that I can contact colleagues overseas, ask a simple question mentioning Kali and BOOM! I get answers directly.

This might hold true for other distributions as well – but I think the hit rate is higher using Kali. Just my opinion, there.

Setup

My preferred way of running Kali is through VMware. Running it through VMware is great since I can dispose of the VMware image if needed. Sometimes it is easier to just ditch the installation altogether instead of manually cleaning it out between projects, especially for long-term projects where I accumulate vast amounts of data. On my particular setup I run two VMware images: one for Windows and, of course, one for Kali. Often in projects I need several OSes for testing. Instead of carrying several laptops around I can keep everything local and swap between them with ease.

However, there are other ways. For instance you could:

Run it from USB or other removable disk-based media
By this I mean booting from removable disk-based media. This gives you a self-contained operating system on a disk and keeps your system(s) separated.

Run it from CD/DVD
I have not seen any penetration testers doing this, but you can run Kali straight off a CD or DVD. Sources on the Net mention this is the greatest setup for being completely anonymous – anonymous in the sense that you can just eject the disk and destroy it. Personally I don’t see a point in this.

Local installation
Strip away all the fluff and Kali is just a regular Linux distribution you can install locally. If you need a dedicated Kali machine, just install it locally. I do not recommend using Kali as a desktop OS.

Tools included

Kali comes with a ton of tools. Everything from tools for information gathering, vulnerability analysis, wireless attacks, attacking web applications, exploitation, forensics, stress testing, sniffing and spoofing, password attacks and reverse engineering – just to name a few. The selection of tools is so vast that it is difficult to navigate the landscape. There is just too much goodness!

Some of my favorites are:

OWASP ZAP!

Sqlmap

Nikto

Burp Suite

Although Kali comes with many tools, I prefer to add a few extras:

SOAP UI – for testing web services. When I was a developer this tool was IT!

Komodo Edit – since I do a lot of scripting in Python and Ruby, this is a must.

External device(s)

In my work I use very few external devices. It basically boils down to using the external WiFi card AWUS036H from Alfa Network. It’s a nice device that just works under Kali – plug and play. It seems this card has become an industry standard today. Anyhow – I’ve put a better antenna on it in order to discover those far-away WiFi networks.

Other distributions

Kali isn’t the only Linux distribution targeting penetration testers. There are several others, too, each with a different focus and approach. I haven’t focused much on testing various distributions in my work, but I suppose each of them has its use – from my Linux days I think it all boils down to personal preference and taste.

Here’s a few choices:

ArchAssault (Arch Linux)

BackBox (Ubuntu Linux)

BlackArch (Arch Linux)

Knoppix STD (based on Knoppix)

Pentoo (Gentoo)

There are many, many more distributions available. See the “Resources” section for more information.